Skip to content
Publish on AMO

Bump version to v1.2.2 #22

Sign in to view logs

Bump version to v1.2.2

Bump version to v1.2.2 #22

Workflow file for this run

.github/workflows/publish.yml at 930e50a
name: Publish on AMO
on:
push:
tags:
- v*.*.*
jobs:
publish:
name: Publish web extension
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
cache: npm
- name: Install dependencies
run: npm ci
- name: Build web extension source
run: npm run build
env:
WEB_EXT_FILENAME: icloud_passwords.zip
- name: Upload web extension source
uses: actions/upload-artifact@v4
with:
name: src
path: ./web-ext-artifacts/icloud_passwords.zip
compression-level: 0
- name: Submit web extension
run: npx web-ext sign
env:
WEB_EXT_USE_SUBMISSION_API: true
WEB_EXT_CHANNEL: listed
WEB_EXT_API_KEY: ${{ vars.WEB_EXT_API_KEY }}
WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_API_SECRET }}
WEB_EXT_NO_INPUT: true
- name: Rename signed web extension file
working-directory: ./web-ext-artifacts
run: mv *.xpi icloud_passwords.xpi
- name: Upload signed web extension
uses: actions/upload-artifact@v4
with:
name: xpi
path: ./web-ext-artifacts/icloud_passwords.xpi
compression-level: 0
helpers:
name: Build install helpers
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
cache-dependency-path: ./scripts/install/go.sum
- name: Build install helper
working-directory: ./scripts/install
run: ./build.sh
- name: Upload install helper artifact
uses: actions/upload-artifact@v4
with:
name: helpers
path: ./scripts/install/dist/*
release:
name: Release on GitHub
runs-on: ubuntu-latest
needs:
- publish
- helpers
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download XPI artifact
uses: actions/download-artifact@v4
with:
name: xpi
path: ./web-ext-artifacts
- name: Download install helpers artifact
uses: actions/download-artifact@v4
with:
name: helpers
path: ./web-ext-artifacts
- name: Create GitHub release
run: |
if gh release view "${{ github.ref_name }}" >/dev/null 2>&1
then
echo "Release ${{ github.ref_name }} already exists, skipping..."
exit 0
fi
gh release create \
"${{ github.ref_name }}" \
--title "${{ github.ref_name }}" \
--verify-tag
env:
GH_TOKEN: ${{ github.token }}
- name: Attach artifacts to release
run: |
gh release upload \
"${{ github.ref_name }}" \
./web-ext-artifacts/* \
--clobber
env:
GH_TOKEN: ${{ github.token }}
attest:
name: Attest build provenance
runs-on: ubuntu-latest
needs:
- release
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download source artifact
uses: actions/download-artifact@v4
with:
name: src
path: ./web-ext-artifacts
- name: Download install helpers artifact
uses: actions/download-artifact@v4
with:
name: helpers
path: ./web-ext-artifacts
- name: Generate artifact attestation
id: provenance
uses: actions/attest-build-provenance@v1
with:
subject-path: ./web-ext-artifacts
- name: Generate SBOM
uses: anchore/sbom-action@v0
with:
path: ./web-ext-artifacts
upload-artifact: false
output-file: ./sbom.spdx.json
- name: Generate SBOM attestation
id: sbom
uses: actions/attest-sbom@v1
with:
subject-path: ./web-ext-artifacts
sbom-path: ./sbom.spdx.json
- name: Merge attestations
run: |
cat "${{ steps.provenance.outputs.bundle-path }}" >> ./attestation.jsonl
cat "${{ steps.sbom.outputs.bundle-path }}" >> ./attestation.jsonl
- name: Attach attestation to release
run: |
gh release upload \
"${{ github.ref_name }}" \
./attestation.jsonl \
--clobber
env:
GH_TOKEN: ${{ github.token }}